How the Privileged User Stole Christmas

Transcription

1 Netwrix Security Talk How the Privileged User Stole Christmas Dave Matthews Systems Engineer at Netwrix

2 Agenda 1. Issues security pros are talking about 2. Privileged User Portrait 3. Privileged Account Management Best Practices 4. Prize draw

3 What are security pros talking about? Revealed massive database breach affecting up to 500 million hotel guests Tested the UK financial system resilience to cyber attacks Fined by British and Dutch regulators for 2016 data hack

4 Privileged User Portrait Database administrator System administrator Network engineer IT security practitioner Cloud custodian Application developer Data center operations

5 Privileged Account Management Best Practices Maintain an up-to-date inventory of all privileged accounts Be sure to inventory accounts from critical Active Directory groups, such as Domain Admins, as well as *nix servers root accounts. Minimise the number of personal privileged accounts Ideally, each admin should have only one personalised privileged account for all systems. Do not allow admins to share accounts Make administrators accountable for their actions by personalising their privileged accounts. Use the default administrator, root and similar accounts only when absolutely necessary. o o o Create a password policy and strictly enforce it Require passwords to be changed regularly Use password management tools or an encrypted datasheet for password storage Use two-factor authentication

6 Privileged Account Management Best Practices Limit the scope of permissions for each privileged account To minimise risk, enforce two key principles: separation of duties, and least privilege. Extend your privileged access protection past the firewall Remember to extend your protection to accounts associated with social media, SaaS applications, partners, contractors and customers Use privilege elevation best practices IT admins should use their privileged accounts only when they need the elevated permissions for a specific task; they should use their regular accounts otherwise. Document your account management policies and practices Make sure your rules and processes are explicitly written down and signed by management, so everything is clear and enforceable

7 Make sure the Privileged User does not steal your presents Monitor and log all privileged activity Implement real-time monitoring of privileged user activity and alerts about critical actions Analyse the privilegerelated risks Minimise the risks related to privilege elevation and improper admin rights assignment Review privileged access rights Regularly review privileged access rights and privileged permissions assignment

8 What s next? Read how-tos: o How to Check User Permissions in Active Directory o How to Get an Active Directory OU Permissions Report o How to Detect Who Added a User to Domain Admins Group o How to List AD Group Members with or without PowerShell Check out our blog post How to Detect Privileged Account Abuse Follow us on Twitter and LinkedIn Watch out for the recording of this webinar and new episodes of Netwrix Security Talk

9 Prize Draw

10 Netwrix team wishes you a Merry Christmas and a Happy New Year! Dave Matthews Systems Engineer at Netwrix